[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

Ayden Férdeline icann at ferdeline.com
Mon Aug 8 12:36:26 UTC 2016 

Thanks Dick. I think you and Greg have made the point that intelligence services
are generally not so quick to share their data with the dog catcher. However, if
you are going to offer offline tutorials, may we beg a digest of those tutorials
for the list? It is hard to get good information on these actual practices. Some
of the legislative and policy initiatives in western democracies to share data
between investigative agencies, not to mention further investment in big data
techniques for profiling without disclosure (not the technical term but I am
sure you know what I am referring to) would lead one to conclude that such data
sharing is well in hand.
Totally agree, Stephanie. There has to be oversight of these practices; it
simply is not good enough for intelligence agencies to be Judge, Jury,
Executioner, and Court Stenographer — and expect to be trusted, blindly, that
they behave in an ethical and appropriate manner.
I would like to hear more from those in the intelligence communities around
their internal ethical controls, what oversight governs what data is collected
and how it is used, and how, say, WHOIS records are being blended together with
other data sources to identify someone.
- Ayden





On Fri, Aug 5, 2016 3:58 PM, Stephanie Perrin stephanie.perrin at mail.utoronto.ca wrote:
Thanks Dick.� I think you and Greg have made the point that intelligence
services are generally not so quick to share their data with the dog catcher.�
However, if you are going to offer offline tutorials, may we beg a digest of
those tutorials for the list?� It is hard to get good information on these
actual practices.� Some of the legislative and policy initiatives in western
democracies to share data between investigative agencies, not to mention further
investment in big data techniques for profiling without disclosure (not the
technical term but I am sure you know what I am referring to) would lead one to
conclude that such data sharing is well in hand.

Best regards


stephanie perrin



On 2016-08-05 5:49, Richard Leaning wrote:
Hi Rob,

Not sure where to start on this response, i will try and keep it short.

Am not sure that by speaking to one ex FBI agent and couple of Police officers in Sheffield is a true reflection of the Global LEA position on this WG. It concerns me greatly that you take this view.

Its a big +1 to Greg Mounier, Greg Aaron and Terri.

As an ex Senior Detective from the UK having just retired last year after 30 years service, spending the last 7 years or so involved investigating Cyber crime Nationally and Internationally within SOCA, NCA and then EC3 (European Cyber Crime Centre - Europol) am more than happy to spend some time with you outside this group to explain the difference between the Intelligence services and LEA.

Also as am now be working for RIPE NCC (a RIR) as a Consultant am also happy at the same time, explain to you about the RIPE Database.

Kind Regards

Dick

Richard Leaning
External Relations
RIPE NCC






On 4 Aug 2016, at 21:20, Rob Golding <rob.golding at astutium.com> wrote:



note that:
Any customer of an RIR has its contact data published in RIR WHOIS



Which is of course no different to saying "Any customer of a Registry (aka Registrar) has it's contact data published"

And in practice it's _most_ customers of _most_ RIRs - lots of the lookups for certain regions just-don�t-work (tm) and with the amount of 'funkiness' that goes on with IPv4 routing post-runout, what details you see on an IP lookup at an RIR has little-to-no bearing now on who is actually using it
- what you're able to see is "who should be (directly or indirectly) paying the RIRs fees"



Yet IP Whois will usually only yield the webhost or the IS. How is having to ask them for the data any different from having to ask the registrar. 



I would say it's not any different at all in effect, but may be less likely to yield a response due to the limited "policy" capabilities when it comes to "unregulated" industries.



Are LEAs lobbying for webhost and internet subscriber public whois?



I feel I should suggest that they can probably just extract the data from the NSA or GCHQ or their-local-equivalent, so no need to make it "public )



I will be interested in learning however law enforcement manages to do its job without this needed and useful data 



The caveats being that "useful" is subjective and "needed" depends on circumstances. 

I don't see anyone suggesting that there shouldn�t be methods in place so that Law Enforcement can do their job.

I do however think that the concept of punishing everyone because there are a very small %age of "bad actors" is, in a civilised society, not even remotely appropriate.

Rob


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg





_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg




Ayden Férdeline Statement of Interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160808/af849fee/attachment.html>

More information about the gnso-rds-pdp-wg mailing list